Data Protection and Privacy

**Purpose of the Job**:To safeguard the organization’s sensitive data and ensure compliance with global privacy regulations by implementing robust data protection strategies, managing DLP and classification tools, and leading breach response efforts. This role is responsible for embedding privacy awareness across the business, conducting privacy impact assessments, and aligning security controls with legal and regulatory requirements. It plays a critical role in reducing data-related risks and maintaining trust with stakeholders, regulators, and customers.

Key Internal Stakeholders
- Legal and Compliance Teams - to ensure alignment with POPIA, GDPR, and other privacy regulations, and to support regulatory reporting and contract reviews.
- Information Security Team - for integrating privacy controls with broader security frameworks, including DLP, IAM, and incident response.
- IT Infrastructure and Operations - to implement and maintain technical controls such as data classification, retention policies, and access management.
- Human Resources (HR) - for coordinating privacy training, awareness campaigns, and handling employee data responsibly.
- Engineering and Development Teams - to embed privacy-by-design principles and support security champion program

Key External Stakeholders
- Regulatory Authorities - such as the Information Regulator (South Africa) and EU Data Protection Authorities,
- Third-party Vendors and Service Providers - to ensure data processing agreements are in place and privacy obligations are met.
- External Auditors - for independent assessments of privacy controls and compliance posture.
- Customers and Data Subjects - whose personal data must be protected and whose rights must be respected under applicable privacy laws.

**Key Performance Areas**
- **DLP tools, data classification policies** Implement and manage DLP and data classification programs to identify, categorize, and protect sensitive information across the organization.
- **Privacy regulations (POPIA, GDPR, etc.)**Ensure compliance with global privacy laws through audits, policy updates, and staff training initiatives.
- **Security awareness content and training schedules**Design and deliver targeted security awareness programs, focusing on data protection best practices and breach response protocols.
- **Engineering team engagement and training metrics** Develop and maintain security champion programs to embed privacy awareness within technical teams.
- **Breach reports, incident logs, and regulatory timelines** Lead incident response for data breaches, including investigation, documentation, regulatory reporting, and remediation.
- **System and process risk assessments** Conduct Data Privacy Impact Assessments (DPIAs) for high-risk systems and processes to identify and mitigate privacy risks.
- **Collaboration with IT and legal teams** Align security controls, retention policies, and access management with privacy requirements through cross-functional collaboration.

**Qualifications & Experience**:

- Bachelor’s degree in Information Security, Law, Computer Science, Information Systems, or a related field.
- Professional certifications in data privacy and protection, such as:

- Certified Information Privacy Professional (CIPP) - preferably CIPP/E or CIPP/US
- Certified Information Privacy Manager (CIPM)
- Certified Data Privacy Solutions Engineer (CDPSE)
- Microsoft certifications aligned to privacy, compliance, and data governance:

- SC-900: Microsoft Security, Compliance, and Identity Fundamentals
- SC-400: Microsoft Information Protection Administrator - focused on Microsoft Purview, DLP, and data classification
- MS-500: Microsoft 365 Security Administration - for broader security and compliance capabilities in Microsoft 365
- Familiarity with Microsoft Purview for data classification, DLP, and compliance management is highly advantageous.
- Additional training in POPIA, GDPR, and other global privacy regulations is essential.
- 5-8 years of experience in data protection, privacy, or information security roles, with a strong focus on regulatory compliance and privacy operations.
- Demonstrated experience implementing and managing Data Loss Prevention (DLP) and data classification technologies.
- Proven track record in conducting Data Privacy Impact Assessments (DPIAs) and managing privacy risks across enterprise systems.
- Experience leading data breach investigations, including regulatory reporting and remediation planning.
- Background in designing and delivering security awareness and training programs, especially around privacy and data handling.
- Familiarity with working across legal, IT, and engineering teams to align privacy controls with business and regulatory requirements.
- Experience with global privacy regulations such as POPIA, GDPR, and CCPA is essential.

**Attributes**
- Implementation and management of Data Loss Prevention (DLP) and data classification tools
- Conducting Data Privacy Impact Ass